Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-43852

    IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows aspera_console
    • Published: Apr. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2023-27272

    IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.... Read more

    Affected Products : linux_kernel windows aspera_console
    • Published: Apr. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-39565

    Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0.... Read more

    Affected Products : melapress_login_security
    • Published: Apr. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2947

    IBM i 7.6  contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.... Read more

    Affected Products : i i
    • Published: Apr. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-30844

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz allows Reflected XSS. This issue affects Watu Quiz: from n/a through 3.4.2.... Read more

    Affected Products : watu_quiz
    • Published: Apr. 01, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-22923

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.... Read more

    Affected Products : opensis
    • Published: Apr. 02, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-22927

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-22931

    An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20950

    Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information.... Read more

    Affected Products : notes
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20951

    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.... Read more

    Affected Products : galaxy_store
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-3323

    A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql inje... Read more

    Affected Products : nimrod
    • Published: Apr. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-2876

    The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unaut... Read more

    Affected Products : melapress_login_security
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-26186

    SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php... Read more

    Affected Products : opensis
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-42650

    NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.... Read more

    Affected Products : nanomq
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 9.0

    HIGH
    CVE-2025-7596

    A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. ... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7586

    A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer o... Read more

    Affected Products : ac500_firmware ac500
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-7565

    A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password lea... Read more

    Affected Products : bl-ac3600_firmware bl-ac3600
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-7564

    A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. L... Read more

    Affected Products : bl-ac3600_firmware bl-ac3600
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-46626

    OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.... Read more

    Affected Products : opensis
    • Published: Oct. 02, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-34663

    Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025
Showing 20 of 291593 Results